Strava provides users with rights to access, correct, delete, and export their personal data, with additional rights for EU, UK, and certain US state residents such as the right to object to processing.
These rights are legally enforceable and allow you to obtain a copy of all data Strava holds about you, request corrections, or have your data deleted, giving you meaningful control over your information.
Data subject rights provisions must comply with GDPR Articles 15-22 for EEA/UK users, CCPA/CPRA for California residents, and analogous rights under Virginia, Colorado, Connecticut, and other state privacy laws. Compliance teams should verify response time SLAs (30 days under GDPR/CCPA) and identity verification procedures.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Strava collects highly sensitive personal data including precise GPS routes, heart rate, sleep data, and other health metrics, which may be used to train AI/ML models and contribute to publicly accessible features like the Global Heatmap. Health data from connected devices will not be sold or used for advertising, but activity data can be shared in aggregated or de-identified form and used for AI development. You can adjust your privacy and visibility controls in the Strava app under Settings > Privacy Controls to limit how your data is shared and used.